Assessing and Managing Security Risk in IT Systems —— A Structured Methodology

----- 信息技术系统中的安全风险的评估和管理

ISBN: 9780849322327 出版年：2004 页码：290 McCumber, John Auerbach Publications

This book begins with an overview of information systems security, offering the basic underpinnings of information security and concluding with an analysis of risk management. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.